Thursday, May 24, 2007

New Strategy in The War Against Spam

Hey, at least it's a war that everyone can support.

From the BBC:
Backing for tool to battle spam

The DomainKeys Identified Mail (DKIM) system is a method of validating the identity of the sender of an e-mail.

Spammers hide their identity by using a false, or spoofed, address in the millions of messages they send out.

DKIM uses encrypted digital signatures to prove a message's origin and a draft standard has been accepted by the Internet Engineering Task Force (IETF).

The IETF is the umbrella group representing firms such as Yahoo, Cisco, Sendmail and PGP Corporation.

The firms have pledged to work with ISPs, businesses and financial institutions to roll out the technology as soon as possible.

Protecting e-mail users from scams was a top priority, said Mark Delany, lead architect for Yahoo Mail and author of DomainKeys.

"DomainKeys Identified Mail is positioned to become the pre-eminent standard for e-mail authentication," he said.

Key consideration

Although 90 to 99% of e-mail comes from senders known to the recipient, establishing the identity of a sender remains a key consideration in the protection against spam.

Spammers get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses - such as @madeupmailname.com - is known to be used by spammers.

DKIM lets honest e-mail senders prove they sent a message by encrypting a two-part signature, or key, in a selected part of the mail.

The e-mail provider, such as Yahoo, puts an encrypted private key into the e-mail when it is sent.

It is linked to a public key held by the internet's domain name system - the phonebook of the internet.

The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender.

But in order for the technology to work, both the sender and recipient need their mail services to be signed up to DKIM.

"DKIM is an example of major players coming together to do the right thing, sacrificing short term competitive edge to ensure safety, security and trust on the internet," said Eric Allman, co-founder of messaging service Sendmail.

Since a huge amount of the resources of the net are used to transport spam, this could potentially save the web from death by spam traffic, save ISPs tons of money in bandwidth costs, and prevent financial loss from phishing emails. It's a win-win situation for everyone.
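
The sign-and-verify flow the quoted article outlines, as an added sketch that is not from the BBC piece or from any DKIM implementation: the sender signs selected headers and a body hash with a private key it keeps, only the signature travels in a `DKIM-Signature` header, and the receiver checks it against the public key published under `<selector>._domainkey.<domain>`. Assumptions: a toy RSA key with textbook (unpadded) signing, simplified canonicalization, a dict standing in for DNS, and made-up names (`example.com`, selector `s2007`).

```python
import base64
import hashlib

# Toy RSA key from two known Mersenne primes: constructed for this demo, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays on the sender's server

# Stand-in for DNS (constructed): public key published at <selector>._domainkey.<domain>.
DNS_TXT = {"s2007._domainkey.example.com": (N, E)}

def _digest(headers, signed, body):
    """SHA-256 over the signed headers plus a body hash (simplified canonicalization)."""
    bh = base64.b64encode(hashlib.sha256(body.strip().encode()).digest()).decode()
    lines = [f"{h.lower()}:{headers[h].strip()}" for h in signed] + [f"bh={bh}"]
    return int.from_bytes(hashlib.sha256("\r\n".join(lines).encode()).digest(), "big")

def sign(headers, body, domain, selector, signed=("From", "To", "Subject")):
    """Sender side: only the signature (b=) is added to the message, never the key."""
    sig = pow(_digest(headers, signed, body), D, N)  # textbook RSA, no padding
    tag = f"d={domain}; s={selector}; h={':'.join(signed)}; b={sig:x}"
    return {**headers, "DKIM-Signature": tag}

def verify(headers, body):
    """Receiver side: look up the public key by d=/s= and check the signature."""
    try:
        tags = dict(t.strip().split("=", 1) for t in headers["DKIM-Signature"].split(";"))
        n, e = DNS_TXT[f"{tags['s']}._domainkey.{tags['d']}"]
        expected = _digest(headers, tags["h"].split(":"), body)
        return pow(int(tags["b"], 16), e, n) == expected
    except (KeyError, ValueError):
        return False  # unsigned, malformed, or no key published for that domain

# Constructed sample message.
BODY = "Your statement is ready.\r\n"
SIGNED = sign({"From": "alice@example.com", "To": "bob@example.net",
               "Subject": "Statement"}, BODY, "example.com", "s2007")

if __name__ == "__main__":
    print("genuine:", verify(SIGNED, BODY))
    print("From altered:", verify({**SIGNED, "From": "ceo@example.com"}, BODY))
    print("body altered:", verify(SIGNED, BODY + "Click here"))
```

A receiving server that gets `False` here knows only that the signature does not validate for the claimed domain; what to do with such mail is a separate policy decision.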